cleantalk
Vulnerabilities and Security Researches

Feeds for YouTube (YouTube video, channel, and gallery plugin), CVE-2023-4841

CVE, Research URL

CVE-2023-4841

Home page URL

Security reports for Feeds for YouTube (YouTube video, channel, and gallery plugin)

Application

Feeds for YouTube (YouTube video, channel, and gallery plugin)

Published on
Sep 14, 2023
Research Description
The Feeds for YouTube for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 2.1.2.
Status
vulnerable
Previous vulnerability researches
Feeds for YouTube (YouTube video, channel, and gallery plugin) (CVE-2025-64635) , Jan 10, 2026
Feeds for YouTube (YouTube video, channel, and gallery plugin) (CVE-2023-4841) , Jun 07, 2024
Feeds for YouTube (YouTube video, channel, and gallery plugin) (63d036bf8354801dd02167b4cc6a671f96fb03ce) , Jun 07, 2024
Feeds for YouTube (YouTube video, channel, and gallery plugin) (CVE-2025-12002) , Jan 28, 2026
Feeds for YouTube (YouTube video, channel, and gallery plugin) (CVE-2024-6256) , Jul 12, 2024
New vulnerability
WP Learn Manager (CVE-2021-47975) , May 19, 2026
Autoptimize (CVE-2026-3220) , May 19, 2026
Feeds for YouTube (YouTube video, channel, and gallery plugin) (CVE-2026-1631) , May 19, 2026
WordPress Plugin for Google Maps – WP MAPS (CVE-2026-6381) , May 19, 2026
BuddyPress (CVE-2020-37233) , May 19, 2026